"From the consumer's point of view, Microsoft's HealthVault site is part filing cabinet, part library and part fax machine for an individual's or a family's medical records and notes.

The free site can store medical histories, immunization and other records from doctors' offices and hospital visits, including data from devices like heart monitors. It is also tied to a health information search engine the software maker launched last month.

Users can dole out access to different slices of their health data via e-mailed invitations to doctors, family members and other people as the need arises.

Microsoft has been kicking around the idea of a health site since at least 2000, when Chief Executive Steve Ballmer described a "health vault" in a speech to financial professionals in New York.

The software maker isn't the first to jump into the ring. Across the country, groups of providers are starting "regional health information organizations" to share data electronically.

Insurance providers and private companies market their own flavors of patient-controlled storehouses of records, and employers including Wal-Mart Stores Inc. offer such tools to workers.

Steve Case, co-founder of AOL, has launched Revolution Health, an information Web site that offers a records management tool for paying members, and Google Inc. has indicated it will launch its own service."

"The World Privacy Forum is warning consumers about the potential pitfalls of using newly popular services that consolidate personal health records - especially when they're kept by companies that are not subject to current federal regulations on privacy and security.

"Consumers need to know that not all (vendors) protect privacy in the same way," said Pam Dixon, executive director of the San Diego nonprofit group, which is issuing its report today. "Some can undermine consumer privacy in serious and unexpected ways."

To protect yourself, know your rights:

-- Study privacy policies carefully. Don't use a vendor if it doesn't have one or if it's not readily available.

-- If a company says it is "HIPAA-compliant," that may not mean it's covered by the Health Insurance Portability and Accountability Act. Find out what your rights are from that vendor.

-- For more information on your rights under the Health Insurance Portability and Accountability Act, go to www.hhs.gov/ocr/hipaa.

-- Find the World Privacy Forum report at www.worldprivacyforum.org."

This is looking more and more like a medical identity theft train wreck waiting to happen. Unless and until the medical info people get their individual and collective acts together, I wouldn't sign up with anything online with respect to my medical records. YMMV!

I wouldn't put my medical records online anywhere, ever. Geez, I won't even subscribe to G-Mail service because of their abilities to log all my emails. I don't want to make it easy for anyone to sell my information.

True, contract law could help with this... but I think that what lots of people are concerned about are deliberate [i.e., mining your data], or accidental [lost company laptop, etc.] security breaches.

If you have a sharp eye when you are out, you will see holes in many companies' security, because their employees don't care, or don't understand the ramifications of their being careless ... even when the company has 'air-tight' security on paper.

Companies are working to limit their liability in the event of a breach, as well. If an employee steals my data, and sells it to someone who uses my information to receive medical services, it can impact my health, which is much more important than my finances.

All that having been said, I think that your point is valid in that anyone who has access to people's health records should be held to the same HIPAA standards, because by possessing the information, they have become a de facto part of the medical infrastructure.